Ryan Barrett's blog

Your data, our data

Biotech is all the rage these days. Fitbit and friends
burn VC money at one end,
Craig Venter captures imaginations
and press cycles and grant funding at the other, and an endless array of
startups, big pharma, and research foundations fill the middle to bursting.
Sequencing genomes is sexy. Folding proteins, stimulating neurons, and hunting
superbugs are all sexy.

Even so, my favorite recent biotech project isn’t a startup, new product, or
breakthrough in the lab. It’s a government bureacracy, working on compliance,
using billing data. No joke.

OK, that’s a bit unfair. It does at least have a Hollywood-killer-robot name:
Mini-Sentinel. NPR
did a great overview,
but in short, it’s an FDA project that mines
anonymized(ish)
medical records from over half of the American population to discover unexpected
drug side effects and reactions.

It’s a noble goal, but admittedly, it’s pretty straightforward big data. The
bureacracy itself is actually the part that gets me worked up. The research
community salivates at meta-analyses like these, but the data has always been
tied up in a straitjacket of regulation, liability, and trade secrecy
FUD. Big providers like Kaiser and
the VA do similar work on their own data, internally, but this the first project
I’ve seen that combines so much data from so many different sources.

It’s far from perfect, of course. The data itself is mainly billing codes, which
is temptingly standardized but was never meant for medical research, and the
methodology and results are still immature. Still, it’s a big deal.

At a higher level, Mini-Sentinel illustrates what I
and others
think may be the next defining question of our generation: how do we balance
the individual’s right to
privacy and control over their data
with society’s need to use it for the public good?

Medical records have always skewed toward the individual. Projects like
Mini-Sentinel may gradually erode that, but laws like
HIPAA and valid privacy expectations will
make progress slow and halting.

Other fields like advertising, and more recently national security, have skewed
toward the group.
The US has never enjoyed clear data privacy protection,
unlike the EU, so credit bureaus and online ad networks have run rampant.
Likewise, Snowden showed us just how brazenly the NSA has ignored the 4th
Amendment in its epic, 9/11-fueled land (and budget) grab.

The waters are murkier elsewhere. Google’s web search, for example, is a public
good that most of us depend on every day, but the EU has
strong-armed it recently with a
Right to Forget doctrine
for individuals. Similarly, Google’s
environmentalmapprojects are powerful forces for positive
change, but Street View has
to blur faces and license plates to protect privacy.

This is nothing less than the
tragedy of the commons in reverse.
Everyone loves an underdog, and right now that underdog is individual privacy,
under threat from big bad corporate and government wolves. I worry that our
bloodlust may lead us to muzzle important, worthy projects like Mini-Sentinel.
On the other hand, I also worry about our ongoing failure to reign in
power-thirsty behemoths like the NSA and tech oligopolies and provide meaningful
privacy and data rights for individuals.

The silver lining, at least, is that we’re talking about the question. We may
not be framing it quite the way I’d like, as a balance between individual and
group rights, but that’s ok. We’ll be struggling with it for a while to come.